RE: [PHP] Re: Finding out how a variable was registered

Wed, 05 Jun 2002 15:38:33 -0700 

It may not work for you but this seems to work for us:

<?php

if ($HTTP_SERVER_VARS["argc"] != 0) // If someone is trying to pass a get argument
        {
    Header("Location: $PHP_SELF"); // Then reload the page argument-free
        exit;
        }
?>

-----Original Message-----
From: Scott Hurring [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 05, 2002 4:18 PM
To: Php-General (E-mail)
Subject: RE: [PHP] Re: Finding out how a variable was registered


If you want to stop most people, try posting an MD5() hash
of the field contents to the form, and then verifying it
upon form submittal.

For example:

<input type=hidden name=form[last] value="Blah">
<input type=hidden name=form[last_md5] value=" ... ">

However, if you get a smart user, he can simply change
the value and the MD5 hash to be the correct hash of
the new value and circumvent all your work. 

(But then again, if you get anyone that's smart and
committed, it's just a matter of time before he will
figure out *some* loophole to subvert your forms)

---
Scott Hurring
Systems Programmer
EAC Corporation
[EMAIL PROTECTED]
Voice: 201-462-2149
Fax: 201-288-1515

> -----Original Message-----
> From: John Taylor-Johnston [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 05, 2002 5:24 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] Re: Finding out how a variable was registered
> 
> 
> If you change your header to pragma-nocache, he should not be able
> to see the source to know what elements he needs for a <method=get>.
> Or you could also use a session to hide the variables?
> 
> Joe Pemberton wrote:
> 
> > Is there a function call to figure out how a variable was 
> registered?  I am writing a page that handles a form and I 
> need to know whether or not a variable was created using the 
> GET or POST method (I don't want the user to be able to to 
> 'foo.php?var=value' and mess with the results)
> > - - Joe
> >
> > [EMAIL PROTECTED]
> 
> --
> John Taylor-Johnston
> --------------------------------------------------------------
> ---------------
>   ' ' '   Collège de Sherbrooke:
>  ô¿ô   http://www.collegesherbrooke.qc.ca/languesmodernes/
>    -     Université de Sherbrooke:
>           http://compcanlit.ca/
>           819-569-2064
> 
> 
> 
> -- 
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to